
Security World – Password Analysis

by Zlatko Pažin, 21. September, 2015

What do you think of your password? Is it safe? When was the last time you changed it? And do you use the same password for accounts on different websites? These are just some of the questions you must ask yourself if you want to know how good your password is. The same questions are used in lots of polls, and the results were very bad, or I could say humiliating. The research shows that most people use passwords with only 4 to 6 characters, pick passwords that are easy to remember, and never change them. So, do you still think that your password is good? You can also test it on the Microsoft Password Strength Calculator. Just type your password in the box (it is secure, Microsoft does not store or share the information you enter) and see the result. Your password should get at least a strong or very strong grade. If the result is weak or medium, then you should think about improving it to improve your security on the internet.


How to create a powerful password?

When you are creating a password, it is important to know two things: long passwords and complex passwords are secure. An ideal password should contain uppercase and lowercase letters, numbers, symbols and different characters. With every different character you add, your password will be better. Try to use passwords with more than 14 characters, and don’t use the same password to access more than one account.

There are lots of ways to make a perfectly strong password. For starters, try to write a sentence that you will remember and that means something. For example: “This is a page where you will find information about strong passwords.” Now take the first letter of every word in this sentence and you get “tiapwywfiasp”. If I type that into the password strength calculator I get medium strength, which is good but not good enough.

[Image: First Step]

Now let’s add some uppercase letters: change all ‘w’ and ‘a’ to uppercase. Now we get “tiApWyWfiAsp”. It is still medium strength, so add your lucky number just after both ‘W’ letters. Now we have “tiApW7yW7fiAsp”.

[Image: Second Step]

Now you have a strong password. That should be good enough, but let’s make it perfect. Since you like money, add two dollar signs, one at the beginning and the other at the end, like this: “$tiApW7yW7fiAsp$”. And now Microsoft says that you have a very strong password no one will be able to crack. Good job!

[Image: Third Step]

That was just one method to create a powerful password. There are lots of others, and one of them is called the PAO method. PAO (Person-Action-Object) is a method that will help you create and easily remember very strong passwords. It is based on a person (that can be you or some famous person), an unusual action (something unlikely, because our brain remembers unusual actions) and an object (your house, for example). Now make a story. Let’s put it this way: “I am driving a car inside my house”. Now take the middle three letters from ‘driving’, the whole word ‘car’ and the last three letters from ‘house’. You get the password “ivicaruse”. Combine that with more stories and you will get a password that looks ridiculous but will be familiar to you.

There is another very useful method called PMM (Phonetic Muscle Memory). This method will help you create unusual and very strong passwords. You can get a password by following five steps:

[Image: Norton Password Generator]

  1. Go to a website that will generate passwords for you. For example, this one.
  2. Create at least 20 different passwords that have more than 10 characters and contain both types of letters, numbers and maybe even symbols.
  3. Now look for the passwords you can remember easily. I can’t decide which passwords you will remember better and which you won’t; it’s up to you to decide.
  4. When you have picked the passwords you like the most, write them out to a text file, and make sure that you can type them easily, because that means you will remember them easily.
  5. Print out the paper where you will have reminders about the passwords.

Now you have a list of passwords you can use for different accounts. Nice, right?

 

Some more advice

You can never be completely sure when creating and maintaining passwords. You learned above what you should and shouldn’t do, but here are five basic pieces of advice about passwords. Some of them were already mentioned above, but there is no harm in repeating them because you will remember them better.

[Image: Strong Passwords]

  1. Make a password that contains phrases with special characters, uppercase and lowercase letters, numbers and symbols. The password must be at least 10 characters long. Try to avoid everything that can be connected with you (your name, birthdate, phone number and similar). And replace some letters with numbers or symbols. For example, instead of the letter ‘O’ use ‘0’, and for the letter ‘i’ use ‘!’.
  2. Never use the same password on more than one account. Always make several passwords and use a separate one for each service. It can be hard, but it’s worth the trouble.
  3. Try to change passwords regularly. Some experts say that a password should be changed every 90 days. If you want to increase security to the maximum then follow that advice, but it should be enough to change your password twice a year. Don’t ever write the password down on paper or tell it to anyone; a password must always be a secret and in your head.
  4. When creating an account, don’t forget to enter a phone number or e-mail address, because that will help you restore your password if you forget it.
  5. When logging in to very important services, or when you think that you may have a virus on your computer, use a virtual keyboard (On-Screen Keyboard). That way a keylogger on your computer (if you are infected with one) won’t be able to recognize the password.

Worst and most used passwords you should avoid

Now that you know what is good about passwords and what to do to create a very strong password, you should see what some of the most used passwords are. You would think that people would use something better for their personal protection, but obviously not. The top 10 most used (and worst) passwords are:

  1. 123456
  2. password
  3. 123456789
  4. 12345
  5. qwerty
  6. 12345678
  7. 111111
  8. abc123
  9. 123123
  10. 1234567

Here is a more detailed list:

[Image: Worst Passwords]

Yeah, it’s weird but it’s true. Imagine that you want to crack into some account and you discover that some of these “passwords” are used to protect that account. Unbelievable.

Those were the worst passwords you can possibly have, and now here is a list of the words most often used in passwords. You can use them in combination with other, much stronger words and symbols, but try to avoid them.

  1. password
  2. qwerty
  3. love
  4. monkey
  5. dragon
  6. hello
  7. iloveyou
  8. abcd
  9. welcome
  10. july
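As an added example (not part of the original article), the short script below audits candidate passwords against the two lists above and the 10-character minimum, and shows how much each step of the “tiapwywfiasp” build-up enlarges the brute-force search space. The bit count is a simple length × log2(alphabet) upper bound that assumes random characters; it is not how the Microsoft calculator scores passwords, and the function names and the sample “Il0veY0u!2015” are constructed for illustration.

```python
import math
import string

# Lists copied from this article.
WORST_PASSWORDS = {"123456", "password", "123456789", "12345", "qwerty",
                   "12345678", "111111", "abc123", "123123", "1234567"}
COMMON_WORDS = ["password", "qwerty", "love", "monkey", "dragon",
                "hello", "iloveyou", "abcd", "welcome", "july"]

# Undo the swaps the article suggests ('O' -> '0', 'i' -> '!') before matching.
UNLEET = str.maketrans({"0": "o", "!": "i"})
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]  # 26 + 26 + 10 + 32 characters


def charset_size(password):
    """Size of the alphabet a brute-force search would have to cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_bits(password):
    """Upper bound in bits: length * log2(alphabet size)."""
    size = charset_size(password)
    return round(len(password) * math.log2(size), 1) if size else 0.0


def audit(password):
    """Return (bits, findings) for one candidate password."""
    findings = []
    folded = password.lower().translate(UNLEET)
    if password.lower() in WORST_PASSWORDS:
        findings.append("on the top-10 list")
    hits = [w for w in COMMON_WORDS if w in folded]
    if hits:
        findings.append("contains common word: " + ", ".join(hits))
    if len(password) < 10:
        findings.append("shorter than 10 characters")
    return brute_force_bits(password), findings


if __name__ == "__main__":
    # The article's passwords plus one constructed sample with letter swaps.
    for pw in ["tiapwywfiasp", "tiApWyWfiAsp", "tiApW7yW7fiAsp",
               "$tiApW7yW7fiAsp$", "ivicaruse", "Il0veY0u!2015", "123456"]:
        print(pw, *audit(pw))
```

The swapped-character sample still matches “love” and “iloveyou” once the swaps are undone, and “ivicaruse” on its own falls below the 10-character minimum, which is why the article tells you to combine it with more stories.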

You can find more details about passwords in the infographic below. Information for this infographic was taken from research based on 5 million leaked Gmail logins released on September 9, 2014. Sometimes you can’t protect your information even if you use the most powerful password ever, but then it won’t be your fault, and the chances that you will be hacked with a powerful password are probably less than 1%. So, get to work and create a strong password for yourself, and then share it with us in the comments 🙂

[Image: Password Security Infographic]